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PRE-APPEAL BRIEF REQUEST FOR REVIEW 

Mail Stop AF 

Commissioner for Patents 

P.O. Box 1450 

Alexandria, VA 22313-1450 

Sir: 

In response to the Final Office Action of March 2, 2006, and the 13 April 
Telephonic interview, and in conjunction with the attached Notice of Appeal, Appellants 
hereby request review of the Final Office Action in the above application. 

Independent claim 1 recites, inter alia, a method for communicating to a server 
machine a certificate of a user sent by a client machine. . . comprising inserting said 
certificate into a cookie header of a request in the first protocol and transmitting the 
request, including the cookie header containing the certificate, from the security module 
to the server machine. 

As discussed during the Interview, Devine is directed toward a secure customer 
interface for web based data management. Protocols provide an identification of the user, 
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and then authentication of the user to insure the user is who is he/she claims to be and a 
determination of entitlements that the user may avail themselves of in the enterprise 
system. At least based on Fig. 10, and paragraphs 88-90 and 130-133 of Devine, it is 
readily apparent that Devine does not teach or suggest insertion of the certificate in to a 
cookie header of a request in the first protocol as specified in independent claim 1 . 

More particularly, and with reference to paragraph 90 of Devine, the exchange 
between the client and the server is outlined with, once the server is authenticated, Devine 
teaching that it may be optionally possible to request a certificate from the client, if that is 
appropriate to the cipher selected. While Devine goes on to discuss the use of cookies, 
the cookies are discussed in relation to a preferred embodiment that associates a given 
HTTPS request with a logical session which is initiated and tracked by a "cookie jar 
server" 32 to generate a "cookie" or session identifier which is a unique server-generated 
key that is sent to the client along with each reply to a HTTPS request. The client holds 
that cookie session identifier and returns it to the server as part of each subsequent 
HTTPS request Either the web server 24, the cookie jar server 32, or the dispatch server 
26, may maintain the "cookie jar" to map the session identifier to the associated session 
(see paragraph 66 of Devine). 

The Office has asserted that Figure 8 (below with highlight added) of Devine is 
being relied upon and interpreted as the "message" 
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The Office's reasoning supporting the rejection is that Devine is asserted to 
disclose digital certificates in paragraph 86 reciting their usage as a means to 'Verify the 
server to the user" and to verify the source of the Java object to be downloaded as a 
trusted source 86. The Office continues to assert that Devine teaches either the server or 
a client can send a "certificate message" and "digitally-signed certificate verify message" 
to verify that the certificate is being sent. The Office concludes by pointing to Devine's 
alleged disclosure of a cookie, within the certificate, being generated encrypted by SSL 
encryption and then included into a header. (See Interview Summary) 

Paragraph 86 was relied on and in particular its recitation of "certificate message" 
which is being interpreted by the Office to refer to a certificate. Thus, the Office 
concluded that the disclosure of the header used to generate a cookie, which is all 
contained within the certificate, reads upon the claimed cookie header as claimed. 
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Appellants respectfully submit this interpretation is contrary to the teachings of 
Devine and, upon careful analysis of Figures of 8 and 10 of Devine, it becomes apparent 
that there appears to be a misunderstanding of not only the features recited in Claim 1 but 
also of Devine. Specifically, independent Claim 1 recites that the certificate is inserted 
into a cookie header of a request. Utilizing the Office's analysis, it appears that the 
Office is interpreting the claims as inserting the certificate [cookies] into a [http] header. 
Clearly, this is different than the claimed insertion of the certificate into the cookie 
header. 

Assuming arguendo that Fig. 8 is being correctly interpreted as a "message," 
Applicants respectfully submit that with reference to cookie 111, there is no teaching or 
suggestion in Devine of incorporating a certificate into a cookie header of the cookie 111. 
Use of the cookie is discussed in Devine, at least on paragraphs 91-94. However, use of 
the cookie is limited to and cooperates with a transaction type identifier 1 1 6 for managing 
the client/server session. There is no teaching, suggestion, nor capability of inserting a 
certificate into a cookie header of cookie 1 1 1 as required by independent Claim 1. 

At least based on the above, Appellants respectfully submit Claim 1 is patentably 
distinguishable from the Devine reference. Furthermore, Appellants respectfully submit 
that there is no teaching or suggestion of the transmitting step as recited in independent 
claim 1 . Similar arguments regarding the incorporation of a certificate into cookie header 
can be made for independent Claims 6 and 7. 

Appellants thus respectfully submit that all claims are patentably distinguishable 
from the Devine reference and the outstanding rejection is untenable and should be 
withdrawn. A Notice of Allowance is respectfully requested. 
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The Commissioner is hereby authorized to charge to Deposit Account No. 50- 
1 165 (T2 147-907679) any fees under 37 C.F.R. §§ 1.16 and 1.17 that may be required by 
this paper and to credit any overpayment to that Account. If any extension of time is 
required in connection with the filing of this paper and has not been separately requested, 
such extension is hereby requested. 



Miles & Stockbridge, P.C. 
1751 Pinnacle Drive 
Suite 500 

McLean, Virginia 22102-3833 
(703) 903-9000 

#9306064 



Respectfully submitted, 



Date: June 28, 2006 




Jason H. Vick 
Reg. No. 45,285 
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Applicant requests review of the final rejection in the above-identified application. No amendments are 
being filed with this request. 



This request is being filed with a notice of appeal. 



The review is requested for the reason(s) stated on the attached sheet(s). 
Note: No more than five (5) pages may be provided. 
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